
Orangeworm Cyber Attack Group Targets Health Sector

by Unallocated Author

Researchers at Symantec have observed a cyber-attack group known as Orangeworm installing a custom backdoor, Trojan.Kwampirs, inside large international organizations.

The organizations targeted include healthcare providers, pharmaceutical firms, IT service providers for healthcare, and equipment manufacturers that serve the healthcare industry.

Symantec said, “This hacking group chooses its targets carefully and deliberately, carrying out careful planning before launching an attack.”

The Kwampirs malware was found on medical devices such as MRI and X-ray machines. It was also found on machines used to help patients complete consent forms for required procedures.

However, the Symantec researchers found no evidence that the attackers were copying any images from the devices. This suggests that the purpose of the attack may be cyber-espionage, to learn more about how the machines work.

The researchers claim, “Orangeworm is believed to have been active since January 2015, conducting targeted attacks against organizations in healthcare-related industries as part of a larger supply chain attack to carry out espionage against their intended victims.” The group's exact motive, however, is still not clear.

According to Symantec's researchers, “Almost 40% of Orangeworm’s confirmed victim organizations operate in the healthcare industry, followed by manufacturing and IT (15% each), and logistics and agriculture (8% each).”

Although these industries appear unrelated, the researchers claim, “They have multiple links to healthcare, such as large manufacturers that produce medical imaging devices sold directly to healthcare firms, IT organizations that provide support services to medical clinics, and logistical organizations that deliver healthcare products.”

The Kwampirs malware uses “fairly aggressive” means to get inside the victim’s network and copies itself over network shares. The researchers say, “Although this method is considered old, it may still be viable for environments that run older operating systems, such as Windows XP.”

Giovanni Vigna, CTO and co-founder of Lastline, said, “Healthcare devices are an enticing target for hackers because they are typically not upgraded and monitored as aggressively as other components, such as desktops and laptops.”

He added, “Since the operating system of these devices possibly controls life-critical systems, it is finely tuned and not automatically updated, this situation makes it easy to break into outdated versions of the OS and remain permanently entrenched into the platform.”

Although Orangeworm has been active for the past 3 years, the researchers do not believe that the group bears any hallmarks of a state-sponsored actor. The malware is likely to be the work of a small group of individuals.

 
